Commit Graph

44708 Commits

Author SHA1 Message Date
Fabrice Fontaine
88019952d5 package/wpa_supplicant: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fix build on sparc v8 (even if there is no autobuilder failures yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 056e963119)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:56:33 +02:00
Fabrice Fontaine
5bc5a2b3db package/pure-ftpd: fix static build with openssl and latomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/eba8d344446b0db6327c0588c456c14594984f76

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff5504b4da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:55:41 +02:00
Fabrice Fontaine
c5814dcad4 package/libfreefare: fix static build with latomic
Use pkg-config to retrieve openssl dependencies such as lz or latomic

Fixes:
 - http://autobuild.buildroot.org/results/9bf69f238a63ea28690f7c0dbb8c30feb0afc5ad

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c49482604e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:54:15 +02:00
Jörg Krause
9f832e5277 package/musl: bump to version 1.1.22
From the release notes:
Notable regressions in sscanf and pthread_key_create introduced in 1.1.21
have also been fixed, along with various other bugs and minor conformance
issues.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 66976dff96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:52:51 +02:00
Peter Korsgaard
4238369b54 package/wpa_supplicant: add upstream 2019-1, 2, 3, 4 security patches
Fixes the following security vulnerabilities:

- CVE-2019-9494 (cache attack against SAE)

For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt

- CVE-2019-9495 (cache attack against EAP-pwd)

For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt

- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt

- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d28897da5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:50:15 +02:00
Peter Korsgaard
084f230842 package/hostapd: add upstream 2019-1, 2, 3, 4 security patches
Fixes the following security vulnerabilities:

- CVE-2019-9494 (cache attack against SAE)

For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt

- CVE-2019-9495 (cache attack against EAP-pwd)

For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt

- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt

- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 736f344755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:49:55 +02:00
Fabrice Fontaine
3f62d96cd6 package/lldpd: remove --without-json
json option has been removed in version 0.9.7 with
06987a24ce

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2bbe9c41c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:44:09 +02:00
Fabrice Fontaine
56e57b144f package/lldpd: update license file
- Instead of README.md, use LICENSE file that has been added in version
  0.9.5 with
  4d534a60ee
- Add hash of license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d86eb0c8b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:20:56 +02:00
Fabrice Fontaine
6de205f8be package/freerdp: fix build without xfixes
Fixes:
 - http://autobuild.buildroot.org/results/69245e574787bada718c52c805ec137041dc233d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41da6f02ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:19:40 +02:00
Alexey Lukyanchuk
942da943f3 package/freerdp: security bump to version 2.0.0-rc4
Fixes the following security issues:

- CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based
  Buffer Overflow in function zgfx_decompress() that results in a memory
  corruption and probably even a remote code execution.

- CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Truncation that leads to a Heap-Based Buffer Overflow in function
  update_read_bitmap_update() and results in a memory corruption and
  probably even a remote code execution.

- CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Overflow that leads to a Heap-Based Buffer Overflow in function
  gdi_Bitmap_Decompress() and results in a memory corruption and probably
  even a remote code execution.

- CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
  Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that
  results in a memory corruption and possibly even a remote code execution.

- CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
  Out-Of-Bounds Reads in the NTLM Authentication module that results in a
  Denial of Service (segfault).

For details, see the upstream PR:
https://github.com/FreeRDP/FreeRDP/pull/5031

Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f

Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e91d89bf1)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 21:15:44 +02:00
Bernd Kuhls
38ee47cc9c package/rapidxml: fix install path
kodi-pvr-iptvsimple as of
d27b3ed1d3

depends on rapidxml but expects the headers in usr/include/rapidxml
instead of usr/include.

This changes the install path to be consistent with Debian and Gentoo:

https://packages.debian.org/stretch/all/librapidxml-dev/filelist
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/rapidxml/rapidxml-1.13-r1.ebuild#n22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b0209a99e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 20:48:33 +02:00
Fabrice Fontaine
532af46554 package/xz: update license
- Add COPYING to license files as it gives useful info on license
- Add "Public Domain" to XZ_LICENSE (see COPYING)
- Add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc9b97ab6c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 20:46:22 +02:00
Yann E. MORIN
e880e269dc package/linux-tools: fix kconfig coding style
Fix coding style introduced in d5edfa6eef (package/linux-tools/perf: add
dependency on 32-bit sync builtins).

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3fd181bdcc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:52 +02:00
Alexey Brodkin
b9e934bfbf package/linux-tools/perf: add dependency on 32-bit sync builtins
Sync builtins ops are strictly required by perf utility as it uses
atomic_xxx() functions.

Otherwise building fails like that:
|.../output/host/opt/ext-toolchain/bin/../lib/gcc/arc-snps-linux-uclibc/8.2.1/../../../../arc-snps-linux-uclibc/bin/ld:
|.../output/build/linux-5.0.7/tools/perf/libperf.a(libperf-in.o): in function `atomic_cmpxchg':
|.../output/build/linux-5.0.7/tools/include/asm-generic/atomic-gcc.h:69: undefined reference to `__sync_val_compare_and_swap_4'

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: drop Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit d5edfa6eef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:38 +02:00
Romain Naour
9c5f6b89c3 package/linux-tools: some selftests needs kmod's modprobe
Some kernel-selftests are using modprobe options (-n) that are not available
from busybox's modprobe, so make sure that BR2_PACKAGE_KMOD_TOOLS is selected.

[linux-4.19 selftests]$ git grep tput
drivers/gpu/drm_mm.sh:if ! /sbin/modprobe -n -q test-drm_mm; then
drivers/usb/usbip/usbip_test.sh:if ! /sbin/modprobe -q -n usbip_host; then

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c301405c34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:25 +02:00
Romain Naour
c6f30d355c package/linux-tools: some selftests needs tput
Some kernel-selftests are using tput program, so make sure that
BR2_PACKAGE_NCURSES_TARGET_PROGS is selected.

[linux-4.19 selftests]$ git grep tput
[...]
futex/run.sh:tput setf 7 || tput setaf 7
futex/run.sh:    tput sgr0

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 633e5121f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:19 +02:00
Romain Naour
058c89f1e6 package/linux-tools: some selftests needs util-linux schedutils
Some kernel-selftests are using taskset program, so make sure that
BR2_PACKAGE_UTIL_LINUX_SCHEDUTILS is selected.

[linux-4.19 selftests]$ git grep taskset
bpf/test_progs.c:       assert(system("taskset 0x1 ./urandom_read 100000") == 0);
cpu-hotplug/cpu-on-off-test.sh: taskset -p 01 $$
cpufreq/main.sh:        taskset -p 01 $$
netfilter/nft_trans_stress.sh:        ip netns exec "$testns" taskset $mask ping -4 127.0.0.1 -fq > /dev/null &
netfilter/nft_trans_stress.sh:        ip netns exec "$testns" taskset $mask ping -6 ::1 -fq > /dev/null &
rcutorture/bin/jitter.sh:       if ! taskset -p $cpumask $$ > /dev/null 2>&1

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6af93482d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 17:23:11 +02:00
Thomas De Schampheleire
05f41b5a43 package/syslog-ng: fix segfault on startup due to pthread_atfork
syslog-ng may segfault at startup (during library initialization, before
reaching main) in newer toolchains. I have witnessed it on aarch64 (but with
32-bit arm userland) with glibc 2.28.

Problem is described in syslog-ng issue #2263 [1], which in turn leads to a
problem in 'ivykis' which is shipped with syslog-ng, see ivykis issue #15
[2].

Root cause is that 'pthread_atfork' is used by ivykis but searched by its
configure script in libpthread_nonshared only. In newer toolchains, it seems
this symbol is in libc_nonshared.

Apply a patch someone proposed via pullrequest [3] to the ivykis project,
but which is at this moment not yet merged upstream.

[1] https://github.com/balabit/syslog-ng/issues/2263
[2] https://github.com/buytenh/ivykis/issues/15
[3] https://github.com/buytenh/ivykis/pull/16

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1467eaa6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:57:47 +02:00
Adam Duskett
3df4ea4694 package/python3: fix hash for license file
The year was updated.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf6615d801)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:53:08 +02:00
Adam Duskett
0012baabfc package/python3: security bump version to 3.7.3
Also remove upstream patch 0033.

Fixes the following security issues:

- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
  characters that decompose under IDNA encoding (NFKC-normalization) into
  characters that affect how the URL is parsed.

- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module.  The
  cert parser did not handle CRL distribution points with empty DP or URI
  correctly.  A malicious or buggy certificate can result into segfault.
  Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
  Cisco.

- bpo-35121: Don’t send cookies of domain A without Domain attribute to
  domain B when domain A is a suffix match of domain B while using a
  cookiejar with http.cookiejar.DefaultCookiePolicy policy.  Patch by
  Karthikeyan Singaravelan.

For more details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-3-final

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afc83b60f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:51:47 +02:00
Peter Korsgaard
1c5dd5d934 package/samba4: security bump to version 4.9.6
Fixes the following security vulnerabilities:

 - CVE-2019-3870:
   During the provision of a new Active Directory DC, some files in the private/
   directory are created world-writable.
   https://www.samba.org/samba/security/CVE-2019-3870.html

 - CVE-2019-3880:
   Authenticated users with write permission can trigger a symlink traversal to
   write or detect files outside the Samba share.
   https://www.samba.org/samba/security/CVE-2019-3880.html

For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.6.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a662ae308)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:29:00 +02:00
Baruch Siach
8db0d3901d package/ghostscript: security bump to version 9.27
Fixes CVE-2019-3835, CVE-2019-3838: A specially crafted PostScript file
could use these flaws to have access to the file system outside of the
constrains imposed by -dSAFER.

Drop upstream patches.

Use the make subst function to compute the download site from version.

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10a6ea5a30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:27:09 +02:00
Fabrice Fontaine
2004e75d35 package/xserver_xorg-server: disable unit tests
Fixes:
 - http://autobuild.buildroot.org/results/95a5004c9245f1f90758631b02e17d3df12812ec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c41d8ba066)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:26:19 +02:00
Giulio Benetti
89029b28b5 package/civetweb: fix linking failure caused by wrong argument passed to pkg-config
On commit 027a8b29f1 pkg-config has been
added to retrieve OpenSSL dependencies, but it's been passed `libssl`
instead of `openssl`, this makes fail some linking. Indeed we need
OpenSSL dependency, so let's use `openssl` with pkg-config.

Substitute `libssl` with `openssl`.

Fixes:

  http://autobuild.buildroot.net/results/b225425ee237852bd9fee4ca0b8d24f3e37d64f9/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e38641851a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:22:37 +02:00
Giulio Benetti
18f8a9d00c package/civetweb: fix link failure due to missing OpenSSL dependency
During linking one OpenSSL dependecy is missing(-latomic) on linking
library list.

- Substitute explicit library list with `pkg-config libssl` when
  BR2_PACKAGE_OPENSSL is enabled. In such way all needed libraries
  will be included in linking list.

- Add also `host-pkgconf` to CIVETWEB_DEPENDENCIES if
  BR2_PACKAGE_OPENSSL is enabled to make it available for previous
  point.

Fixes:

  http://autobuild.buildroot.net/results/b2e210bdefe84f4ec9cfda79a33d81788fb7e66c/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 027a8b29f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:22:26 +02:00
Fabrice Fontaine
bc70d3b66d package/tor: fix static build with openssl and atomic
Update patch so -latomic (provided in LIBS) is added after openssl libs
(provided in $3)

Fixes:
 - http://autobuild.buildroot.org/results/4b90b7d02e354ebf3d8f95023547bf4a18e0165e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73c04d9448)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:21:35 +02:00
Peter Korsgaard
0341ab3a75 package/tpm2-tss: add upstream patch to drop hardcoded -lgcrypt from tss2-esys.pc
tss2-esys.pc contains a hardcoded -lgcrypt even though the openssl crypto
backend (as in Buildroot) may be used, leading to linker errors when using
esys.

Given that tpm2-tss doesn't allow static linking, there is no need to
explicitly list the crypto library dependency.

Cherry pick an upstream patch to fix this.  Notice that the upstream patch
also changes the default crypto backend to openssl.  As this isn't stricly
needed (we explicitly configure for openssl) and requires autoreconv, drop
the configure.ac hunk from the patch.

https://github.com/tpm2-software/tpm2-tss/pull/1173

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55c4f7ca4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:20:34 +02:00
Peter Korsgaard
650c2a5dcf package/tpm2-tools: license is 3c BSD, not 2c
The license contains the "no endorsement" clause, so it should be listed as
BSD-3-Clause:

  * Neither the name of Intel Corporation nor the names of its contributors
    may be used to endorse or promote products derived from this software
    without specific prior written permission.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92c7310d5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:19:37 +02:00
Giulio Benetti
3db5c4ebb2 package/android-tools: host-android-tools need pkg-conf
Host version of this package needs pkg-conf the same way as target
package: for Makefiles library dependencies retrieving.

Fixes:

  http://autobuild.buildroot.net/results/8543eb3815a67747349a2e60654d19b9804a3a89/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8bd63b0b4a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:18:44 +02:00
Giulio Benetti
a0260950e8 package/android-tools: fix static linking failure due to OpenSSL dependencies
When static linking some dependency library can be missing
(i.e. -latomic for -lcrypto) on linking libraries list. This is
because when static linking libraries dependencies are not
transparently linked into binary.

To avoid moving libraries before/after one another or add new ones
that are not needed at all in the dynamic linking case, we use `pkg-config --libs
LIBRARY` where LIBRARY is the library we "probe" for its existence and
dependency.

In this commit, we:

- Remove 0005-fix-static-link-zlib.patch where -lcrypto and -lz were
  swapped, as it is no longer needed thanks to the following point.

- Replace it with 0005-Use-pkgconf-to-get-libs-deps.patch where
  -lcrypto has been substituted with `pkg-config --libs libcrypto`

- Add host-pkgconf to ANDROID_TOOLS_DEPENDENCIES

Fixes:

  http://autobuild.buildroot.net/results/d3d6679cfc8afe4467368bd3d31483172c1032de/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e4f77a2e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:18:35 +02:00
Anisse Astier
34cb21a209 DEVELOPERS: monitor pkg-golang.mk
Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89e5632c8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:16:51 +02:00
Christian Stewart
1582640b18 DEVELOPERS: add Christian Stewart for package/pkg-golang
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f2431fd9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:16:43 +02:00
Sørensen, Stefan
5eee309aeb package/gnutls: security bump to 3.6.7.1
Fixes the following security issues:

 * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
   that there is an uninitialized pointer access in gnutls versions 3.6.3 or
   later which can be triggered by certain post-handshake messages

 * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
   before 3.6.7. A memory corruption (double free) vulnerability in the
   certificate verification API. Any client or server application that
   verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:

https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html

HTTP URLs changed to HTTPS in COPYING, so update license hash.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1dd5576ccb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:16:27 +02:00
Peter Korsgaard
eef631fe89 package/docker-cli: bump to version v18.09.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 426103703d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:14:15 +02:00
Peter Korsgaard
55688518cb package/docker-engine: bump to version v18.09.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 37371ff4f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:14:08 +02:00
Peter Korsgaard
b642a660c5 package/docker-containerd: refer to official website
Containerd is no longer maintained under the docker github project and now
has an official website, so refer to that in the help text.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 638504bcdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:13:59 +02:00
Peter Korsgaard
e562f33a9d package/docker-containerd: bump version to v1.2.5
Contains a number of bugfixes. For more details, see the announcement:

https://github.com/containerd/containerd/releases/tag/v1.2.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 20af865354)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:13:38 +02:00
Peter Korsgaard
4b57a7161b Revert "runc: depend on linux headers >= 3.11 for O_TMPFILE"
This reverts commit 905e976a6a.

With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4b13a21692)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:12:07 +02:00
Peter Korsgaard
a0ab62a737 Revert "package/runc: blacklist Codesourcery ARM toolchain"
This reverts commit ce76a98902.

With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 18fb2167f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:09:14 +02:00
Peter Korsgaard
8c5de3f841 package/runc: bump to version 1.0.0-rc7
This includes an improved fix for CVE-2019-5736 without the ~10MB memory
overhead per container and with fallback code using mkostemp(3) when
O_TMPFILE isn't available.

For more details, see the announcement:
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56f495a078)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 23:09:04 +02:00
Bernd Kuhls
e2825e92a9 package/php: security bump to version 7.3.4
Changelog: https://www.php.net/ChangeLog-7.php#7.3.4

Fixes these bugs, CVE-ID were not assigned yet:

    Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
    Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 614c1e2edd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:33:22 +02:00
Fabrice Fontaine
3d1cdb23f3 package/numactl: remove unneeded patches
Both patches are already included (a bit earlier in the file) in version
2.0.12, so drop the patches.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0fda716432)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:32:35 +02:00
Peter Korsgaard
a1d6549359 {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.0.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ab5fbbd640)
[Peter: drop 5.0.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:31:44 +02:00
Francois Perrad
ea80b3ccbc package/copas: avoid to load module coxpocall with LuaJIT
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4fdbe7f9ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:29:35 +02:00
Christian Stewart
08209c67f4 boot/syslinux: fix build with binutils note gnu property section
Fixes #11756

This fixes the following build error with newer binutils:

  objcopy -O binary mbr.elf mbr.bin
  perl /build/syslinux/src/syslinux/mbr/checksize.pl mbr.bin
  mbr.bin: too big (452 > 440)

Corresponding bug reports:

 - https://bugs.archlinux.org/task/60405
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906414

Strip the .note.gnu.property in the linker scripts for the MBRs.

Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ca17cdc92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:28:25 +02:00
Francois Perrad
f64a25a099 package/wsapi: update coxpcall dependency
since version 1.7, coxpcall is only required with Lua 5.1

see, https://github.com/keplerproject/wsapi/pull/41

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b7b8a7f3ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:27:34 +02:00
Fabrice Fontaine
9b7ef67df9 package/sane-backends: security bump to version 1.0.27
- Switch site to gitlab
- Remove second patch (already in version)
- Use new --{with,without}-usb option
- Add hash for license file
- Fix CVE-2017-6318

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a911b7d229)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:25:13 +02:00
Peter Korsgaard
df9da3c39d package/wget: security bump to version 1.20.3
Fixes CVE-2019-5953: Buffer overflow vulnerability

For more details, see the announcement:
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00015.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d732da7a20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:24:42 +02:00
Peter Korsgaard
55a098dc77 fs/common.mk: disable real chown calls in fakeroot
fakeroot by default forwards {f,l,}chown calls to libc and ignores
permission issues, which may cause issues when building in restricted
environments like user namespaces as set up with bubblewrap where a chown
call with a uid/gid not mapped in the user namespace instead returns EINVAL.
This error is not masked by fakeroot and returned to the caller, causing
failures.

There is no real reason to really perform the *chown calls in the context of
Buildroot (as the calls will likely just fail and files are not accessed
outside the fakeroot environment any way).

This forwarding can be disabled by setting the FAKEROOTDONTTRYCHOWN
environment variable, so set it when fakeroot is executed.

Reported-by: Esben Nielsen <nielsen.esben@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 655acd1df0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:23:37 +02:00
Carlos Santos
461465b4ec DEVELOPERS: stop monitoring aer-inject
I left DATACOM and will unlikely have access to the hardware required to
test the package.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c45394c1b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-14 22:23:22 +02:00